CVE-2023-7327

HIGH

Ozeki SMS Gateway <=10.3.208 - Path Traversal

Title source: llm

Description

Ozeki SMS Gateway versions up to and including 10.3.208 contain a path traversal vulnerability. Successful exploitation allows an unauthenticated attacker to use URL-encoded traversal sequences to read arbitrary files from the underlying filesystem with the privileges of the gateway service, leading to disclosure of sensitive information.

Exploits (1)

exploitdb WORKING POC

by Ahmet Ümit BAYRAM · textwebappsmultiple

https://www.exploit-db.com/exploits/51646

View Code ZIP pw:eip

References (3)

[Various Sources] https://ozeki-sms-gateway.com/

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/51646

[Third Party Advisory] https://www.vulncheck.com/advisories/ozeki-sms-gateway-unauthenticated-arbitrary-file-read

Scores

CVSS v4 8.7

EPSS 0.0077

EPSS Percentile 73.7%

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Details

CWE

CWE-22

Status published

Products (1)

Ozeki Ltd./Ozeki SMS Gateway < 10.3.208

Published Nov 12, 2025

Tracked Since Feb 18, 2026